{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12085", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-12-03T08:57:53.329Z", "datePublished": "2025-01-14T17:37:16.036Z", "dateUpdated": "2025-03-13T15:48:10.020Z"}, "containers": {"cna": {"title": "Rsync: info leak via uninitialized stack contents", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.0"}], "packageName": "rsync", "collectionURL": "https://github.com/RsyncProject/rsync", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.0.6-12.el6_10.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.2-12.el7_9.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_els:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-20.el8_10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-7.el8_2.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.1.3-20.el8_8.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:8.8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.2.3-20.el9_5.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.2.3-20.el9_5.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.2.3-9.el9_0.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream", "cpe:/o:redhat:rhel_e4s:9.0::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.2.3-19.el9_2.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rsync", "defaultStatus": "affected", "versions": [{"version": "0:3.2.3-19.el9_4.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.12", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "412.86.202502100314-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.12::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "414.92.202502111902-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "415.92.202501281917-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-ansible-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-helm-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift4/ose-operator-sdk-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.16::el9"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhcos", "defaultStatus": "affected", "versions": [{"version": "417.94.202502051822-0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift:4.17::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-22", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch6-rhel9", "defaultStatus": "affected", "versions": [{"version": "v6.8.1-454", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-17", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "defaultStatus": "affected", "versions": [{"version": "v1.0.0-537", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/eventrouter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.4.0-339", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/fluentd-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v1.1.0-320", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-curator5-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.1-552", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-loki-rhel9", "defaultStatus": "affected", "versions": [{"version": "v3.3.2-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-view-plugin-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-12", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.17-5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/lokistack-gateway-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-725", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/opa-openshift-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-342", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/vector-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.28.1-88", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-25", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/eventrouter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.4.0-340", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/fluentd-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v1.1.0-321", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-loki-rhel9", "defaultStatus": "affected", "versions": [{"version": "v3.3.2-8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-view-plugin-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.9.11-4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/lokistack-gateway-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-724", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/opa-openshift-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-341", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/vector-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.34.1-30", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.9::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:0324", "name": "RHSA-2025:0324", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0325", "name": "RHSA-2025:0325", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0637", "name": "RHSA-2025:0637", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0688", "name": "RHSA-2025:0688", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0714", "name": "RHSA-2025:0714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0774", "name": "RHSA-2025:0774", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0787", "name": "RHSA-2025:0787", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0790", "name": "RHSA-2025:0790", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0849", "name": "RHSA-2025:0849", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0884", "name": "RHSA-2025:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0885", "name": "RHSA-2025:0885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1120", "name": "RHSA-2025:1120", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1123", "name": "RHSA-2025:1123", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1128", "name": "RHSA-2025:1128", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1225", "name": "RHSA-2025:1225", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1227", "name": "RHSA-2025:1227", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1242", "name": "RHSA-2025:1242", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1451", "name": "RHSA-2025:1451", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-12085", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "name": "RHBZ#2330539", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://kb.cert.org/vuls/id/952657"}], "datePublic": "2025-01-14T15:06:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "workarounds": [{"lang": "en", "value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure."}], "timeline": [{"lang": "en", "time": "2024-12-05T12:06:36.594000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-14T15:06:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-13T15:48:10.020Z"}}, "adp": [{"references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-26T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-12085"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T04:55:13.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12085", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-26T18:00:38.232849Z"}}}], "references": [{"url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T15:01:53.408Z"}}], "cna": {"title": "Rsync: info leak via uninitialized stack contents", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.3.0"}], "packageName": "rsync", "collectionURL": "https://github.com/RsyncProject/rsync", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:rhel_els:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION", "versions": [{"status": "unaffected", "version": "0:3.0.6-12.el6_10.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_els:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "versions": [{"status": "unaffected", "version": "0:3.1.2-12.el7_9.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "0:3.1.3-20.el8_10", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_aus:8.2::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "0:3.1.3-7.el8_2.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.4::baseos", "cpe:/o:redhat:rhel_tus:8.4::baseos", "cpe:/o:redhat:rhel_aus:8.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:3.1.3-12.el8_4.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_e4s:8.6::baseos", "cpe:/o:redhat:rhel_aus:8.6::baseos", "cpe:/o:redhat:rhel_tus:8.6::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:3.1.3-14.el8_6.6", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:8.8::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:3.1.3-20.el8_8.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:3.2.3-20.el9_5.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:3.2.3-20.el9_5.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:9.0::appstream", "cpe:/o:redhat:rhel_e4s:9.0::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "0:3.2.3-9.el9_0.3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:3.2.3-19.el9_2.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.4::appstream", "cpe:/o:redhat:rhel_eus:9.4::baseos"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.4 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:3.2.3-19.el9_4.1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rsync", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.12::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.12", "versions": [{"status": "unaffected", "version": "412.86.202502100314-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.14::el9", "cpe:/a:redhat:openshift:4.14::el8"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.14", "versions": [{"status": "unaffected", "version": "414.92.202502111902-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.15::el8", "cpe:/a:redhat:openshift:4.15::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.15", "versions": [{"status": "unaffected", "version": "415.92.202501281917-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-ansible-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-helm-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.16::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.16", "versions": [{"status": "unaffected", "version": "v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift4/ose-operator-sdk-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:openshift:4.17::el9"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4.17", "versions": [{"status": "unaffected", "version": "417.94.202502051822-0", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhcos", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-22", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/cluster-logging-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-10", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/cluster-logging-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v6.8.1-454", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/elasticsearch6-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-17", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/elasticsearch-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v1.0.0-537", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/elasticsearch-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.4.0-339", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/eventrouter-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/fluentd-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v1.1.0-320", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.1-552", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/logging-curator5-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v3.3.2-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/logging-loki-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-5", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/logging-view-plugin-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-12", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/loki-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.8.17-5", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/loki-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.1.0-725", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/lokistack-gateway-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.1.0-342", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/opa-openshift-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.8::el9"], "vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.28.1-88", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/vector-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-25", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/cluster-logging-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-11", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/cluster-logging-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.4.0-340", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/eventrouter-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-5", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/fluentd-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v1.1.0-321", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v3.3.2-8", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/logging-loki-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/logging-view-plugin-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/loki-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v5.9.11-4", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/loki-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.1.0-724", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/lokistack-gateway-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.1.0-341", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/opa-openshift-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:logging:5.9::el9"], "vendor": "Red Hat", "product": "RHOL-5.9-RHEL-9", "versions": [{"status": "unaffected", "version": "v0.34.1-30", "lessThan": "*", "versionType": "rpm"}], "packageName": "openshift-logging/vector-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2024-12-05T12:06:36.594000+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2025-01-14T15:06:00+00:00", "value": "Made public."}], "datePublic": "2025-01-14T15:06:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:0324", "name": "RHSA-2025:0324", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0325", "name": "RHSA-2025:0325", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0637", "name": "RHSA-2025:0637", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0688", "name": "RHSA-2025:0688", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0714", "name": "RHSA-2025:0714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0774", "name": "RHSA-2025:0774", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0787", "name": "RHSA-2025:0787", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0790", "name": "RHSA-2025:0790", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0849", "name": "RHSA-2025:0849", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0884", "name": "RHSA-2025:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:0885", "name": "RHSA-2025:0885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1120", "name": "RHSA-2025:1120", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1123", "name": "RHSA-2025:1123", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1128", "name": "RHSA-2025:1128", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1225", "name": "RHSA-2025:1225", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1227", "name": "RHSA-2025:1227", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1242", "name": "RHSA-2025:1242", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2025:1451", "name": "RHSA-2025:1451", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-12085", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "name": "RHBZ#2330539", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://kb.cert.org/vuls/id/952657"}], "workarounds": [{"lang": "en", "value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure."}], "descriptions": [{"lang": "en", "value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-03-13T15:48:10.020Z"}, "x_redhatCweChain": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"}}, "cveMetadata": {"cveId": "CVE-2024-12085", "state": "PUBLISHED", "dateUpdated": "2025-03-13T15:48:10.020Z", "dateReserved": "2024-12-03T08:57:53.329Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2025-01-14T17:37:16.036Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en rsync daemon que podr\u00eda activarse cuando rsync compara sumas de comprobaci\u00f3n de archivos. Este fallo permite a un atacante manipular la longitud de la suma de comprobaci\u00f3n (s2length) para provocar una comparaci\u00f3n entre una suma de comprobaci\u00f3n y una memoria no inicializada y filtrar un byte de datos de pila no inicializados a la vez."}], "id": "CVE-2024-12085", "lastModified": "2025-02-26T15:15:20.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2025-01-14T18:15:25.123", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0324"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0325"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0637"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0688"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0714"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0774"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0787"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0790"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0849"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:0885"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1120"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1123"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1128"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1225"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1227"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1242"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2025:1451"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2024-12085"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"}, {"source": "secalert@redhat.com", "url": "https://kb.cert.org/vuls/id/952657"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2025:0849", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "rsync-0:3.0.6-12.el6_10.1", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support  - EXTENSION", "release_date": "2025-01-30T00:00:00Z"}, {"advisory": "RHSA-2025:0714", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "rsync-0:3.1.2-12.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0325", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "rsync-0:3.1.3-20.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0884", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "rsync-0:3.1.3-7.el8_2.3", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0885", "cpe": "cpe:/o:redhat:rhel_aus:8.4", "package": "rsync-0:3.1.3-12.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0885", "cpe": "cpe:/o:redhat:rhel_tus:8.4", "package": "rsync-0:3.1.3-12.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0885", "cpe": "cpe:/o:redhat:rhel_e4s:8.4", "package": "rsync-0:3.1.3-12.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2025:0790", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "rsync-0:3.1.3-14.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-29T00:00:00Z"}, {"advisory": "RHSA-2025:0790", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "rsync-0:3.1.3-14.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-29T00:00:00Z"}, {"advisory": "RHSA-2025:0790", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "rsync-0:3.1.3-14.el8_6.6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-29T00:00:00Z"}, {"advisory": "RHSA-2025:0787", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "rsync-0:3.1.3-20.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-29T00:00:00Z"}, {"advisory": "RHSA-2025:0324", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "rsync-0:3.2.3-20.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0324", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "rsync-0:3.2.3-20.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0688", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "rsync-0:3.2.3-9.el9_0.3", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0774", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "rsync-0:3.2.3-19.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-28T00:00:00Z"}, {"advisory": "RHSA-2025:0637", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "rsync-0:3.2.3-19.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-22T00:00:00Z"}, {"advisory": "RHSA-2025:1242", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "rhcos-412.86.202502100314-0", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2025-02-13T00:00:00Z"}, {"advisory": "RHSA-2025:1451", "cpe": "cpe:/a:redhat:openshift:4.14::el9", "package": "rhcos-414.92.202502111902-0", "product_name": "Red Hat OpenShift Container Platform 4.14", "release_date": "2025-02-19T00:00:00Z"}, {"advisory": "RHSA-2025:1128", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202501281917-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1123", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-ansible-rhel9-operator:v4.16.0-202501311735.p0.g2cb0020.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1123", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-helm-rhel9-operator:v4.16.0-202501311933.p0.g4246d04.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1123", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-operator-sdk-rhel9:v4.16.0-202501311605.p0.g4246d04.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1120", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202502051822-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.8.17-22", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.8.17-10", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch6-rhel9:v6.8.1-454", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-operator-bundle:v5.8.17-17", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-537", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-rhel9-operator:v5.8.17-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-339", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.17-4", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-320", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-curator5-rhel9:v5.8.1-552", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-loki-rhel9:v3.3.2-9", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.8.17-5", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-operator-bundle:v5.8.17-12", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-rhel9-operator:v5.8.17-5", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-725", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-342", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1225", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/vector-rhel9:v0.28.1-88", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.9.11-25", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.9.11-11", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-340", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/fluentd-rhel9:v5.9.11-5", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-321", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-loki-rhel9:v3.3.2-8", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.9.11-6", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-operator-bundle:v5.9.11-9", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-rhel9-operator:v5.9.11-4", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-724", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-341", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1227", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/vector-rhel9:v0.34.1-30", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2025-02-12T00:00:00Z"}], "bugzilla": {"description": "rsync: Info Leak via Uninitialized Stack Contents", "id": "2330539", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330539"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-119", "details": ["A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time."], "mitigation": {"lang": "en:us", "value": "Seeing as this vulnerability relies on information leakage coming from the presence of data in the uninitialized memory of the `sum2` buffer, a potential mitigation involves compiling rsync with the `-ftrivial-auto-var-init=zero` option set. This mitigates the issue because it initializes the `sum2` variable's memory with zeroes to prevent uninitialized memory disclosure."}, "name": "CVE-2024-12085", "public_date": "2025-01-14T15:06:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-12085\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-12085\nhttps://kb.cert.org/vuls/id/952657"], "statement": "This vulnerability is rated as having Important impact as it helps bypass Address Space Layout Randomization (ASLR). ASLR is a memory protection system which makes the exploitation of memory corruption vulnerabilities more difficult.", "threat_severity": "Important"}